Add correct principals for the current user before ACL check

3 files changed, 77 insertions, 3 deletions

diff --git a/apps/dav/appinfo/v1/caldav.php b/apps/dav/appinfo/v1/caldav.php
index 333e8bbb3c4..3e56e3d0e81 100644
--- a/apps/dav/appinfo/v1/caldav.php
+++ b/apps/dav/appinfo/v1/caldav.php
@@ -62,7 +62,10 @@ $server->setBaseUri($baseuri);
 $server->addPlugin(new MaintenancePlugin());
 $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend, 'ownCloud'));
 $server->addPlugin(new \Sabre\CalDAV\Plugin());
-$server->addPlugin(new \Sabre\DAVACL\Plugin());
+
+$acl = new \OCA\DAV\Connector\LegacyDAVACL();
+$server->addPlugin($acl);
+
 $server->addPlugin(new \Sabre\CalDAV\ICSExportPlugin());
 $server->addPlugin(new ExceptionLoggerPlugin('caldav', \OC::$server->getLogger()));
 
diff --git a/apps/dav/appinfo/v1/carddav.php b/apps/dav/appinfo/v1/carddav.php
index 54f0d259bb9..4a3f98475cd 100644
--- a/apps/dav/appinfo/v1/carddav.php
+++ b/apps/dav/appinfo/v1/carddav.php
@@ -22,7 +22,6 @@
 // Backends
 use OCA\DAV\CardDAV\AddressBookRoot;
 use OCA\DAV\CardDAV\CardDavBackend;
-use OCA\DAV\Connector\Sabre\AppEnabledPlugin;
 use OCA\DAV\Connector\Sabre\Auth;
 use OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin;
 use OCA\DAV\Connector\Sabre\MaintenancePlugin;
@@ -63,7 +62,10 @@ $server->setBaseUri($baseuri);
 $server->addPlugin(new MaintenancePlugin());
 $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend, 'ownCloud'));
 $server->addPlugin(new Plugin());
-$server->addPlugin(new \Sabre\DAVACL\Plugin());
+
+$acl = new \OCA\DAV\Connector\LegacyDAVACL();
+$server->addPlugin($acl);
+
 $server->addPlugin(new \Sabre\CardDAV\VCFExportPlugin());
 $server->addPlugin(new ExceptionLoggerPlugin('carddav', \OC::$server->getLogger()));
 
diff --git a/apps/dav/lib/connector/legacydavacl.php b/apps/dav/lib/connector/legacydavacl.php
new file mode 100644
index 00000000000..149bd85e4be
--- /dev/null
+++ b/apps/dav/lib/connector/legacydavacl.php
@@ -0,0 +1,69 @@
+<?php
+/**
+ * @author Joas Schilling <nickvergessen@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\DAV\Connector;
+
+
+use Sabre\HTTP\URLUtil;
+
+class LegacyDAVACL extends \Sabre\DAVACL\Plugin {
+
+	/**
+	 * Converts the v1 principal `principal/<username>` to the new v2
+	 * `principal/users/<username>` which is required for permission checks
+	 *
+	 * @inheritdoc
+	 */
+	function getCurrentUserPrincipal() {
+		$principalV1 = parent::getCurrentUserPrincipal();
+		if (is_null($principalV1)) {
+			return $principalV1;
+		}
+		return $this->convertPrincipal($principalV1, true);
+	}
+
+
+	/**
+	 * @inheritdoc
+	 */
+	function getCurrentUserPrincipals() {
+		$principalV2 = $this->getCurrentUserPrincipal();
+
+		if (is_null($principalV2)) return [];
+
+		$principalV1 = $this->convertPrincipal($principalV2, false);
+		return array_merge(
+			[
+				$principalV2,
+				$principalV1
+			],
+			$this->getPrincipalMembership($principalV1)
+		);
+	}
+
+	private function convertPrincipal($principal, $toV2) {
+		list(, $name) = URLUtil::splitPath($principal);
+		if ($toV2) {
+			return "principals/users/$name";
+		}
+		return "principals/$name";
+	}
+}